Since 2002, SurePrep has specialized in the management and processing of complex tax data for both CPA firms and individual taxpayers. Over 20,000 tax professionals rely on SurePrep software, and their consumer-facing offering, TaxCaddy, is also rapidly gaining traction.
SurePrep products run on an Infrastructure-as-a-Service (IaaS) deployment in the cloud. They were using load balancing to distribute traffic across their IaaS deployment. But like many businesses, SurePrep found that their cloud infrastructure couldn't keep up with company growth. They needed a new solution in order to avoid exceeding their bandwidth.
In addition, managing their load balancing was a labor intensive process, and they lacked personnel who could be dedicated to doing so. SurePrep wanted to use their internal resources more efficiently.
SurePrep also needed a solution in place for automatic DDoS mitigation. Their mitigation strategy worked, but it was a mostly manual process.
The Cloudflare Solution
Cloudflare turned out to be an ideal fit. Crucial to their decision to deploy Cloudflare was the Cloudflare-IBM partnership. SurePrep has to have all vendors approved by their customers because of the sensitive nature of the data they're handling. SurePrep already used the IBM IaaS offering, so deploying Cloudflare through IBM meant it was already approved and simple to deploy.
Cloudflare allowed SurePrep to set up load balancing with a few clicks. They found that using Cloudflare doesn't require deep technical knowledge and reduces the potential for human error. The intuitive Cloudflare dashboard vastly reduces time spent maintaining their infrastructure, freeing up engineering and IT time for more business-critical tasks.
"The idea of being able to abstract the engineering heavy lifting away from ourselves and interact with this as a platform was attractive," says Will Hosek, Chief Information Technology Officer at SurePrep. "Our expectations there were definitely met – Cloudflare was exactly what we wanted."
Aside from load balancing, SurePrep was able to leverage other products from the suite of Cloudflare technologies, including the web application firewall (WAF), DDoS protection, Cloudflare Argo, and Cloudflare Workers — the serverless application platform that runs code at the edge.
Load balancing via Cloudflare is easier and more efficient than the previous solution used by SurePrep. Hosek says that, "Through the load balancer, and during busy season, we were able to manage 35-40 web servers very effectively and very quickly without fear of messing things up, all through the Cloudflare interface." Hosek also notes that, while he used to handle load balancing himself, "Now I can delegate load balancing to someone else and they can handle it easily."
The WAF makes blocking malicious bot traffic easier and faster as well. Hosek recounts one instance when Cloudflare helped SurePrep detect unusual bot activity attempting to access their web portal. Via Cloudflare’s WAF, they were able to quickly set a rule blocking the region that the bot traffic was coming from, saving the time of having to identify and individually block the IP addresses involved. (Because the traffic was coming from outside the U.S. and SurePrep only assists with U.S. taxes, blocking a region outside the U.S. had no effect on legitimate SurePrep customers.) Just like that, the bot activity was blocked.
"We love Cloudflare Workers," says Hosek. "The most important thing that we've done with Workers thus far is to manage some custom headers that needed to come in that our application expects from a legacy standpoint. Having to rewrite our application to handle the other headers would have been a huge effort. We used Workers to provide those custom headers instead." SurePrep writes Cloudflare Workers functions for a variety of other use cases as well.
Cloudflare Argo helps SurePrep route traffic faster. Customer traffic within the application goes back and forth from SurePrep's origin servers via HTTP requests, and with smart routing, HTTP traffic travels faster, resulting in a better customer experience.
Overall, Cloudflare keeps SurePrep's servers better protected and less exposed than they would be otherwise. "What provides peace of mind," says Hosek, "is that Cloudflare minimizes our attack surface, because attackers have to go through Cloudflare's WAF, DDoS protection, and so on, before they ever get through to us."
• With Cloudflare Load Balancing, SurePrep manages traffic across dozens of servers during peak tax season, ensuring a performant experience for users.
• Cloudflare Workers enable SurePrep to deploy custom code at the network edge, rewriting page headers on the fly and saving precious developer cycles.
“What provides peace of mind is that Cloudflare minimizes our attack surface, because attackers have to go through Cloudflare's WAF, DDoS protection, and so on, before they ever get through to us.”
Chief Information Technology Officer, SurePrep